Thread: The technical proof please.

  1. #1
    Join Date
    Jul 2003
    Posts
    4,282

    The technical proof please.

    Again we have news items about naughtiness on the internet! How do they know? Code looks the same to me wherever it comes from. Do they find REM statements in the Russian language or something? News outlets are going to have to bite the bullet and ask for more details to show us. It is possible to explain the stuff to us technical folk I am sure.

  2. #2
    Join Date
    Jul 2003
    Posts
    4,282
    Perhaps I should have posted this yearning in the coder section but I might not understand any responses.

  3. #3
    Join Date
    May 2005
    Posts
    8,070
    Quote Originally Posted by peteshimmon View Post
    Perhaps I should have posted this yearning in the coder section but I might not understand any responses.
    What was the incident that prompted your post? Do you have a link?

  4. #4
    Join Date
    Aug 2006
    Posts
    3,042
    Agree. Without context, I am at a loss too.

  5. #5
    Join Date
    Feb 2006
    Posts
    467
    Maybe this?

    Alert (TA18-106A)
    Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices
    Original release date: April 16, 2018 | Last revised: April 18, 2018

    https://www.us-cert.gov/ncas/alerts/TA18-106A
    This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre (NCSC). This TA provides information on the worldwide cyber exploitation of network infrastructure devices (e.g., router, switch, firewall, Network-based Intrusion Detection System (NIDS) devices) by Russian state-sponsored cyber actors. Targets are primarily government and private-sector organizations, critical infrastructure providers, and the Internet service providers (ISPs) supporting these sectors.
    Selden

  6. #6
    Join Date
    May 2008
    Location
    The Netherlands
    Posts
    14,739
    You want technical details of hacks? You could go to http://honeynet.org/ and read up on the challenges, and the verbose descriptions of how the winners did things. Then come back and tell us if you think such detail is what the public can stomach without switching channels to some mindless but nice TV show.

    eta: that's a nice link, Selden, thanks.
    ____________
    "Dumb all over, a little ugly on the side." -- Frank Zappa
    "Your right to hold an opinion is not being contested. Your expectation that it be taken seriously is." -- Jason Thompson
    "This is really very simple, but unfortunately it's very complicated." -- publius


  7. #7
    Join Date
    Jul 2005
    Posts
    16,478
    There are lots of blogs and books about this - I occasionally glean something comprehensible from the Wordfence blog.
    The code and its annotations may show characteristic features suggesting where and in what language it was written - but that's not reliable, since cyberattackers often use bits of code lifted from various hacker toolkits.
    The metadata attached to the malware may give information about the sort of machine on which it was compiled, including keyboard settings - but these may be misdirections.
    The main tool seems to involve actually monitoring an attack while it develops, to see where packets are coming from, and where they're going - but these may be faked, and will likely originate from an intermediate botnet of hacked computers which have previously been subverted by the bad guys, and which then need to be examined in turn.

    All this is compared to previous patterns of activity, previous malware files, and previous hacker "tells", which taken together provide a sort of digital forensic fingerprint that may help identify related fingerprints.

    But because cyberattackers can spoof every stage of the attack, it's very difficult to trace them back. I suspect the actual techniques used to finger these state-sponsored activities are both incomprehensible to mere mortals and deeply embedded in layers of secrecy by NSA, GCHQ, etc.

    Grant Hutchison
    Blog

    Note:
    During life, we all develop attitudes and strategies to make our interactions with others more pleasant and useful. If I mention mine here, those comments can apply only to myself, my experiences and my situation. Such remarks cannot and should not be construed as dismissing, denigrating, devaluing or criticizing any different attitudes and strategies that other people have evolved as a result of their different situation and different experiences.
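
An added example, not part of any post in this thread: a sketch of the compile-metadata comparison described in post #7. It reads the linker timestamp from Windows executable headers and finds the UTC offset under which most builds fall in a 9-to-17 working day. The sample headers are constructed, the function names are hypothetical, and the timestamp is an ordinary header field that can hold any value, so the result is a weak hint and not proof.

```python
import struct
from datetime import datetime, timezone

def make_pe_stub(ts):
    """Constructed sample: just enough header to carry a linker timestamp."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)  # e_lfanew at 0x3C
    # COFF header: Machine, NumberOfSections, TimeDateStamp, then unused fields
    coff = struct.pack("<HHIIIHH", 0x14C, 0, ts, 0, 0, 0, 0)
    return dos + b"PE\x00\x00" + coff

def compile_time(pe):
    """Return the COFF TimeDateStamp of a PE image as an aware UTC datetime."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (off,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[off:off + 4] != b"PE\x00\x00" or len(pe) < off + 12:
        raise ValueError("missing or truncated PE header")
    (ts,) = struct.unpack_from("<I", pe, off + 8)
    return datetime.fromtimestamp(ts, tz=timezone.utc)

def best_workday_offset(times, start=9, end=17):
    """Return (utc_offset_hours, hits) for the offset that places the most
    build times inside a start..end local working day."""
    scores = {}
    for off in range(-11, 13):
        scores[off] = sum(start <= (t.hour + off) % 24 < end for t in times)
    # Prefer the highest score; break ties toward the smaller offset.
    best = max(scores, key=lambda o: (scores[o], -abs(o)))
    return best, scores[best]

# Constructed data: eight builds between 04:30 and 11:30 UTC plus one outlier.
HOURS = [4, 5, 7, 9, 11, 11, 6, 8, 20]
SAMPLES = [
    make_pe_stub(int(datetime(2018, 3, 5 + i, h, 30,
                              tzinfo=timezone.utc).timestamp()))
    for i, h in enumerate(HOURS)
]

if __name__ == "__main__":
    times = [compile_time(s) for s in SAMPLES]
    offset, hits = best_workday_offset(times)
    print(f"best fit: UTC{offset:+d}, {hits}/{len(times)} builds in office hours")
```

An analyst would weigh a result like this alongside the other evidence the post lists, since a single forged field shifts it.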
